The present disclosure relates generally to information handling systems, and more particularly to using a blockchain to provide secure customized catalogs for information handling systems.
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems such as server devices, networking devices, storage devices, and/or other computing systems, often utilize software catalogs that provide for the updating of software on the components in the computing system. The software catalogs may be created by a computing system provider, and include metadata that allows the computing system to retrieve and install a variety of software updates (e.g., BIOS updates, driver updates, firmware updates, and/or other software updates known in the art) for each of its many different components. Such software catalogs are then cryptographically signed by the computing system provider, and made available to customers via a computing system provider website for use in updating the software on their computing systems. The software catalogs provide several advantages, including the ability to provide for the update of software on each of the components on a computing system, rather than providing for those updates on the computing system components one-by-one. However, many customers utilize computing systems that do not require each of the updates provided in the software catalog by the computing system provider, as their computing system(s) may not include each of the components for which software updates are provided in the software catalog. As such, the computing system provider may provide a catalog customization system (e.g., via the computing system provider website) that allows for the customization of the software catalog created by the computing system provider in order to create a customized software catalog that is configured to provide for the update of software only for the components actually included in the customers' computing system. The provisioning of such customized software catalogs raises a number of issues.
For example, the cryptographic signing of the software catalogs provided by the computing system provider allows a computing system to verify that the software update metadata that provides for the updates of software of its computing components is safe, and will not provide for the updating of the computing system/computing components with malicious software. However, there is no ability for the computing system provider to sign the customized software catalogs created by the customers, as those customized software catalogs are created at the customer sites (e.g., the via computer system provider website). As such, customized software catalogs are distributed to computing systems and used to provide software updates for its components without the ability to verify the software updates provided by those customized software catalogs are safe, thus leaving the computing systems vulnerable to malicious customized software catalogs that can result in the installation of malicious software on the computing systems.
Accordingly, it would be desirable to provide secure customized catalog system.